Light Dark
October 16, 2015 By Shane Schick 2 min read

Researchers are warning that usernames, passwords and other credentials of online banking users in Japan may be compromised thanks to a Trojan that builds off of previous vulnerabilities in Adobe Flash Player and Microsoft’s Internet Explorer (IE).

An alert from ESET, which provides online scanning tools, offered details on Brolux, a Trojan that cybercriminals are using to track online banking activity by monitoring the URLs consumers visit. Brolux works by installing a pair of configuration files that contain both URLs that can be cross-referenced and popular Japanese financial services firms’ window titles. If cybercriminals see an opportunity, potential victims are directed to a page that resembles the country’s Financial Services Agency or the Japanese Public Prosecutor’s Office.

As SecurityWeek pointed out, this is just the latest instance of malware creators targeting Japanese online banking users. Although the degree of organized cybercrime in the country is believed to be in its early stages, according to a study from Trend Micro, similar threats hitting customers of financial institutions include malware such as Neverquest, Tsukuba and Shifu.

One of the interesting aspects of Brolux is its use of previously reported bugs in Flash Player and the so-called Unicorn vulnerability in IE. We Live Security compared the malware’s distribution method through an adult website to Win32/Aibatook, which also focused on Japanese online banking customers. In this case, however, the site luring potential victims is aggregating pornographic images and videos from other sites.

Hopefully, anyone who hasn’t already updated or patched Flash Player and IE will do so as news of Brolux spreads. In the meantime, expect many similar threats to emerge as cybercriminals simply modify or tweak previous vulnerabilities and exploits to distribute malware. Shifu, for example, made use of the widely known Angler exploit kit to go after online banking users in the U.K. Other features in Shifu were also reportedly copied from previous Trojans.

In other words, cybercriminals are making no attempt to be original here; they’re simply being as persistent as possible in the hopes of gaining control of more personal information over time.

 |  |  |  |  |  | 
Shane Schick
Writer & Editor

More from

May 17, 2024

How a new wave of deepfake-driven cybercrime targets businesses

5 min read - As deepfake attacks on businesses dominate news headlines, detection experts are gathering valuable insights into how these attacks came into being and the vulnerabilities they exploit.Between 2023 and 2024, frequent phishing and social engineering campaigns led to account hijacking and theft of assets and data, identity theft, and reputational damage to businesses across industries.Call centers of major banks and financial institutions are now overwhelmed by an onslaught of deepfake calls using voice cloning technology in efforts to break into customer…

May 16, 2024

Grandoreiro banking trojan unleashed: X-Force observing emerging global campaigns

16 min read - Since March 2024, IBM X-Force has been tracking several large-scale phishing campaigns distributing the Grandoreiro banking trojan, which is likely operated as a Malware-as-a-Service (MaaS). Analysis of the malware revealed major updates within the string decryption and domain generating algorithm (DGA), as well as the ability to use Microsoft Outlook clients on infected hosts to spread further phishing emails. The latest malware variant also specifically targets over 1500 global banks, enabling attackers to perform banking fraud in over 60 countries…

May 15, 2024

New cybersecurity sheets from CISA and NSA: An overview

4 min read - The Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA) have recently released new CSI (Cybersecurity Information) sheets aimed at providing information and guidelines to organizations on how to effectively secure their cloud environments.This new release includes a total of five CSI sheets, covering various aspects of cloud security such as threat mitigation, identity and access management, network security and more. Here's our overview of the new CSI sheets, what they address and the key takeaways from each.Implementing…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature